Investigando o Impacto de Amostras Adversárias na Detecção de Intrusões em um Sistema Ciberfísico
Abstract
In this paper, we investigate the impact that adversarial examples have on machine learning algorithms used to detect intrusions in cyber-physical systems. The study considers a scenario where an attacker manages to get access to data from the target that can be used to train the adversarial model. The attacker aims to generate malicious samples using Adversarial Machine Learning to mislead the machine learning model used for intrusion detection. By running FGSM (Fast Gradient Sign Method) and JSMA (Jacobian Saliency Map Attack) attacks, we observed that prior knowledge on the target algorithm architecture can lead to more critical attacks. Also, the results showed that variations in the amount of data accessed for attack preparation can have different impacts in the experimented algorithms. Finally, FGSM could create more severe attacks than JSMA, but the latter is less intrusive and possibly harder to detect.
References
Aiken, J. and Scott-Hayward, S. (2019). Investigating adversarial attacks against network intrusion detection systems in SDNs. In 2019 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pages 1-7.
Alhajjar, E., Maxwell, P., and Bastian, N. D. (2020). Adversarial machine learning in network intrusion detection systems. CoRR, abs/2004.11898.
Anthi, E., Williams, L., Rhode, M., Burnap, P., and Wedgbury, A. (2021). Adversarial attacks on machine learning cybersecurity defences in industrial control systems. Journal of Information Security and Applications, 58:102717.
Apruzzese, G., Colajanni, M., Ferretti, L., and Marchetti, M. (2019). Addressing adversarial attacks against security systems based on machine learning. In 2019 11th International Conference on Cyber Conflict (CyCon), volume 900, pages 1-18.
Ayub, M. A., Johnson, W. A., Talbert, D. A., and Siraj, A. (2020). Model evasion attack on intrusion detection systems using adversarial machine learning. In 2020 54th Annual Conference on Information Sciences and Systems (CISS), pages 1-6.
Beaver, J. M., Borges-Hink, R. C., and Buckner, M. A. (2013). An evaluation of machine learning methods to detect malicious SCADA communications. In 2013 12th International Conference on Machine Learning and Applications, volume 2, pages 54-59.
Goodfellow, I. J., Shlens, J., and Szegedy, C. (2014). Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572.
Ibitoye, O., Shafiq, O., and Matrawy, A. (2019). Analyzing adversarial attacks against deep learning for intrusion detection in IoT networks. In 2019 IEEE Global Communications Conference (GLOBECOM), pages 1-6.
Kim, S., Park, K.-J., and Lu, C. (2022). A survey on network security for cyber-physical systems: From threats to resilient design. IEEE Communications Surveys Tutorials, 24(3):1534-1573.
Ning, X. and Jiang, J. (2022). Design, analysis and implementation of a security assessment/enhancement platform for cyber-physical systems. IEEE Transactions on Industrial Informatics, 18(2):1154-1164.
Papernot, N., Faghri, F., Carlini, N., Goodfellow, I., Feinman, R., Kurakin, A., Xie, C., Sharma, Y., Brown, T., Roy, A., Matyasko, A., Behzadan, V., Hambardzumyan, K., Zhang, Z., Juang, Y.-L., Li, Z., Sheatsley, R., Garg, A., Uesato, J., Gierke, W., Dong, Y., Berthelot, D., Hendricks, P., Rauber, J., and Long, R. (2018). Technical report on the cleverhans v2.1.0 adversarial examples library. arXiv preprint arXiv:1610.00768.
Papernot, N., McDaniel, P., and Goodfellow, I. (2016a). Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. arXiv preprint arXiv:1605.07277.
Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z. B., and Swami, A. (2016b). The limitations of deep learning in adversarial settings. In 2016 IEEE European Symposium on Security and Privacy (EuroSP), pages 372-387.
Pawlicki, M., Choraś, M., and Kozik, R. (2020). Defending network intrusion detection systems against adversarial evasion attacks. Future Generation Computer Systems, 110:148-154.
Resende, P. A. A. and Drummond, A. C. (2018). A survey of random forest based methods for intrusion detection systems. ACM Comput. Surv., 51(3).
Tabassi, E., Burns, K. J., Hadjimichael, M., Molina-Markham, A. D., and Sexton, J. T. (2019). A taxonomy and terminology of adversarial machine learning. NIST IR, pages 1-29.
Wang, Z. (2018). Deep learning-based intrusion detection with adversaries. IEEE Access, 6:38367-38384.
Yang, K., Liu, J., Zhang, C., and Fang, Y. (2018). Adversarial examples against the deep learning based network intrusion detection systems. In MILCOM 2018 2018 IEEE Military Communications Conference (MILCOM), pages 559-564.
Zarpelão, B. B., Barbon Junior, S., Acarali, D., and Rajarajan, M. (2020). How Machine Learning Can Support Cyberattack Detection in Smart Grids, pages 225-258. Springer International Publishing, Cham.
Zhang, J., Pan, L., Han, Q.-L., Chen, C., Wen, S., and Xiang, Y. (2022). Deep learning based attack detection for cyber-physical system cybersecurity: A survey. IEEE/CAA Journal of Automatica Sinica, 9(3):377-391.
Alhajjar, E., Maxwell, P., and Bastian, N. D. (2020). Adversarial machine learning in network intrusion detection systems. CoRR, abs/2004.11898.
Anthi, E., Williams, L., Rhode, M., Burnap, P., and Wedgbury, A. (2021). Adversarial attacks on machine learning cybersecurity defences in industrial control systems. Journal of Information Security and Applications, 58:102717.
Apruzzese, G., Colajanni, M., Ferretti, L., and Marchetti, M. (2019). Addressing adversarial attacks against security systems based on machine learning. In 2019 11th International Conference on Cyber Conflict (CyCon), volume 900, pages 1-18.
Ayub, M. A., Johnson, W. A., Talbert, D. A., and Siraj, A. (2020). Model evasion attack on intrusion detection systems using adversarial machine learning. In 2020 54th Annual Conference on Information Sciences and Systems (CISS), pages 1-6.
Beaver, J. M., Borges-Hink, R. C., and Buckner, M. A. (2013). An evaluation of machine learning methods to detect malicious SCADA communications. In 2013 12th International Conference on Machine Learning and Applications, volume 2, pages 54-59.
Goodfellow, I. J., Shlens, J., and Szegedy, C. (2014). Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572.
Ibitoye, O., Shafiq, O., and Matrawy, A. (2019). Analyzing adversarial attacks against deep learning for intrusion detection in IoT networks. In 2019 IEEE Global Communications Conference (GLOBECOM), pages 1-6.
Kim, S., Park, K.-J., and Lu, C. (2022). A survey on network security for cyber-physical systems: From threats to resilient design. IEEE Communications Surveys Tutorials, 24(3):1534-1573.
Ning, X. and Jiang, J. (2022). Design, analysis and implementation of a security assessment/enhancement platform for cyber-physical systems. IEEE Transactions on Industrial Informatics, 18(2):1154-1164.
Papernot, N., Faghri, F., Carlini, N., Goodfellow, I., Feinman, R., Kurakin, A., Xie, C., Sharma, Y., Brown, T., Roy, A., Matyasko, A., Behzadan, V., Hambardzumyan, K., Zhang, Z., Juang, Y.-L., Li, Z., Sheatsley, R., Garg, A., Uesato, J., Gierke, W., Dong, Y., Berthelot, D., Hendricks, P., Rauber, J., and Long, R. (2018). Technical report on the cleverhans v2.1.0 adversarial examples library. arXiv preprint arXiv:1610.00768.
Papernot, N., McDaniel, P., and Goodfellow, I. (2016a). Transferability in machine learning: from phenomena to black-box attacks using adversarial samples. arXiv preprint arXiv:1605.07277.
Papernot, N., McDaniel, P., Jha, S., Fredrikson, M., Celik, Z. B., and Swami, A. (2016b). The limitations of deep learning in adversarial settings. In 2016 IEEE European Symposium on Security and Privacy (EuroSP), pages 372-387.
Pawlicki, M., Choraś, M., and Kozik, R. (2020). Defending network intrusion detection systems against adversarial evasion attacks. Future Generation Computer Systems, 110:148-154.
Resende, P. A. A. and Drummond, A. C. (2018). A survey of random forest based methods for intrusion detection systems. ACM Comput. Surv., 51(3).
Tabassi, E., Burns, K. J., Hadjimichael, M., Molina-Markham, A. D., and Sexton, J. T. (2019). A taxonomy and terminology of adversarial machine learning. NIST IR, pages 1-29.
Wang, Z. (2018). Deep learning-based intrusion detection with adversaries. IEEE Access, 6:38367-38384.
Yang, K., Liu, J., Zhang, C., and Fang, Y. (2018). Adversarial examples against the deep learning based network intrusion detection systems. In MILCOM 2018 2018 IEEE Military Communications Conference (MILCOM), pages 559-564.
Zarpelão, B. B., Barbon Junior, S., Acarali, D., and Rajarajan, M. (2020). How Machine Learning Can Support Cyberattack Detection in Smart Grids, pages 225-258. Springer International Publishing, Cham.
Zhang, J., Pan, L., Han, Q.-L., Chen, C., Wen, S., and Xiang, Y. (2022). Deep learning based attack detection for cyber-physical system cybersecurity: A survey. IEEE/CAA Journal of Automatica Sinica, 9(3):377-391.
Published
2023-05-22
How to Cite
SILVA, Gabriel H. N. Espindola da; MIANI, Rodrigo Sanches; ZARPELÃO, Bruno Bogaz.
Investigando o Impacto de Amostras Adversárias na Detecção de Intrusões em um Sistema Ciberfísico. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 41. , 2023, Brasília/DF.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2023
.
p. 281-294.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2023.488.
